U.S. patent application number 10/647350 was filed with the patent office on 2004-03-18 for high-security encoding device for remote controller.
This patent application is currently assigned to Holltek Semiconductor Inc.. Invention is credited to Lee, Yung-Cheng, Wu, Chia-Ju.
Application Number | 20040052374 10/647350 |
Document ID | / |
Family ID | 31989689 |
Filed Date | 2004-03-18 |
United States Patent
Application |
20040052374 |
Kind Code |
A1 |
Lee, Yung-Cheng ; et
al. |
March 18, 2004 |
High-security encoding device for remote controller
Abstract
The invention illustrates a high-security encoding device for
remote controller, comprising: a timer, which is used to provide a
transmitting time; a mode selector, which is used to provide a mode
select value; a controller, by which an identity, the transmitting
time, and the mode select value are received to generate a control
signal; a key; an encryptor, which receives the control signal and
applies the key to encrypt the control signal into a ciphertext;
and a radio-frequency (RF) modulator, which modulates and
thereafter outputs the ciphertext. The present invention further
illustrates a method to improve the electricity consumption of
remote controller, which includes: initiating an encoding device;
initiating a timer of the encoding device; encrypting both a
transmitting time and the identity of the timer and forward thereof
to a decoding device; the decoding device comparing the received
data with its own timing; synchronizing the timer of the decoding
device and the timer of the encoding device; determining that
whether or not the encoding device is again actuated during a
period of time; if not, then the timing is stopped while the final
timing value is still stored in a memory, if the encoding device is
actuated again during the period of time, then repeating the
hereinbefore steps until the controlled apparatus is activated.
Inventors: |
Lee, Yung-Cheng; (YunLin,
TW) ; Wu, Chia-Ju; (YunLin, TW) |
Correspondence
Address: |
BRUCE H. TROXELL
SUITE 1404
5205 LEESBURG PIKE
FALLS CHURCH
VA
22041
US
|
Assignee: |
Holltek Semiconductor Inc.
|
Family ID: |
31989689 |
Appl. No.: |
10/647350 |
Filed: |
August 26, 2003 |
Current U.S.
Class: |
380/255 |
Current CPC
Class: |
G07C 2209/06 20130101;
G07C 9/00182 20130101; H04L 9/3297 20130101; H04L 2209/12 20130101;
H04L 9/002 20130101 |
Class at
Publication: |
380/255 |
International
Class: |
H04K 001/00 |
Foreign Application Data
Date |
Code |
Application Number |
Aug 30, 2002 |
TW |
91119738 |
Claims
What is claimed is:
1. A high-security encoding device for remote controller,
comprising: a timer used to provide a transmitting time; a mode
selector used to provide a mode select value; a controller, by
which an identity, said transmitting time, and said mode select
value are received to generate a control signal; a key; an
encryptor, which receives said control signal and applies said key
to encrypt said control signal to a ciphertext; and a RF modulator,
which modulates and outputs said ciphertext.
2. The high-security encoding device for remote controller as
recited in claim 1, wherein said timer is a 32 bits timer.
3. The high-security encoding device for remote controller as
recited in claim 1, wherein said key is a 64 bits key.
4. The high-security encoding device for remote controller as
recited in claim 3, wherein said key is stored in a non-volatile
memory.
5. The high-security encoding device for remote controller as
recited in claim 1, wherein said transmitting time is four bytes in
length, which is used to check whether time difference between the
timer of the encoding device and the timer of the associated
encoding device is within a tolerance time.
6. The high-security encoding device for remote controller as
recited in claim 1, wherein said mode select value is 2 bytes in
length, by which a mode is chosen among the normal mode, emergency
mode, and synchronized mode according to actual need.
7. The high-security encoding device for remote controller as
recited in claim 1, wherein said identity is 2 bytes in length,
which is used for testing and verifying the associated decoding
device.
8. The high-security encoding device for remote controller as
recited in claim 1, wherein said control signal is represented as
plaintext
9. The high-security encoding device for remote controller as
recited in claim 1, wherein said ciphertext is encrypted using a
symmetric key with 64 bits in length.
10. The high-security encoding device for remote controller as
recited in claim 1, wherein an initial value of said timer is a
random number.
11. The high-security encoding device for remote controller as
recited in claim 10, wherein said timer is realized by a logic
circuit
12. The high-security encoding device for remote controller as
recited in claim 10, wherein said timer is realized by the
single-chip timing-interrupt method.
13. A high-security encoding device for remote controller,
comprising: a timer, which is used to provide a transmitting time,
and said timer only timing a few seconds while said encoding device
for remote controller is actuated in order to save electricity; a
mode selector, which is used to provide a mode select value; a
controller, by which an identity, said transmitting time, and said
mode select value are received to generate a control signal; a key;
an encryptor, which receives said control signal and applies said
key to encrypt said control signal into a ciphertext; and a RF
modulator, which modulates and thereafter outputs said
ciphertext.
14. The high-security encoding device for remote controller as
recited in claim 13, wherein an operating method for the device
comprising: activating said encoding device; activating said timer
of said encoding device; encrypting said transmitting timing and
said identity of said timer, and said compelling synchronized mode
value while sending out to an external decoding device to enable
said decoding device to carry out a synchronized action; evaluating
whether or not said decoding device is activated once again during
a period of time; if not, then stop timing, but a final timing
value is still stored in memory; if yes, then an encrypted signal
containing no said compelling synchronized mode value is sent.
Description
FIELD OF THE INVENTION
[0001] This invention is related to an encoding device for remote
controller, specifically to a high-security encoding device for
remote controller. The characteristic of the present invention is
that by replacing counters used in the prior arts with timers to
make a "mask-replay" attack hard to succeed, thus, the security of
the remote control system is enhanced and also the electricity
consumption problem of remoter controller is improved.
BACKGROUND OF THE INVENTION
[0002] Nowadays, remote controller has become one of the daily-use
appliances. All without exception that remote controller is applied
on cars, front doors, and even audio-video equipment for the sake
of convenience. Although there is no need to apply security
mechanisms to some remote control subjects so that misusing or
stealing can be prevented. But there are even more applications
take security as their prior consideration. For example, remote
controller for automobile shall be able to prevent burglars from
sealing the car, even audio-video equipments will require some kind
of security design to prevent children from watching programs that
are not appropriate.
[0003] General speaking, a remote control system can be divided
into a one-way operating mode and a two-way operating mode. In a
one-way operating system, control signals are emitted entirely from
the transmitting end to control remotely the appliances at the
receiving end; yet, in the two-way operating system, control
signals are emitted interactively between the transmitting end and
the receiving end to ensure the objective of control. Although a
two-way operating system can achieve a mutual authentication and
has a better control effect, but owing to the complexity and cost
of its equipments, it is seldom used except in some important
situations.
[0004] The most simple remote control system is that a control
signal is transmitted directly in plaintext to a receiver by radio.
If every plaintext transmitted is the same, an attacker can simply
replay the eavesdropped signal by using a scanner to accomplish the
attack successfully. Accordingly, the system is extremely
unsecured. Even signals transmitted in the system include some
non-stationary values, e.g. random numbers and times, if attackers
comprehend the system's framework and operating method (usually can
be acquired with ease), an effective signal can be counterfeited
and the system can be attacked with success.
[0005] A more secure method is to encrypt control signals
appropriately before emitting. The receiving end will decrypt the
signals and then proceed further. If a secured encryptor is
adopted, attackers will have no way to know the accurate contents
of control signals. Nevertheless, if a system is the same as the
above-mentioned that a transmitted data is identical every time, an
attacker after eavesdropping the signal can also simply replay the
signal to accomplish an attack successfully. That is, the system is
still not secured. In another case, if signals transmitted by the
system are not stationary, but rather generated using several
random numbers or codebook, when the random number or the entropy
of the codebook is large enough, even an attacker who knows the
system's framework and operating method but without an accurate key
will have no way to counterfeit an effective data so as to attack
the system successfully. However, due to the following factors, the
safety of a traditional remote controller is under suspicion:
[0006] 1. The quantity of random number or the size of codebook of
traditional remote controller;
[0007] 2. Unsecured system framework and operating method of
traditional remote controller.
[0008] The above-mentioned factors enable the attackers to guess
the contents of signals with ease, or through the recording of
total control signals to successively transmit thereof to activate
the receiver. Hence, a traditional remote controller, no matter the
control signals are encrypted or not, is vulnerable to be
attacked.
[0009] To achieve the safety requirement of remote controller, a
modem cipher technique must be used. The crypto-system is divided
into symmetric key crypto-system and asymmetric key crypto-system
that can be summarized as following:
[0010] 1. Symmetric key crypto-system: The symmetric key
crypto-system is also addressed as traditional crypto-system with
reference to FIG. 1A. Within the system of FIG. 1A, the encrypting
key 1 of transmitting end is exactly the same as the decrypting key
2 of the receiving end. In operation, the encryptor 3 first applies
the encrypting key 1 to encrypt a plaintext M into a ciphertext C.
After the receiving end receives the ciphertext C, the decryptor 4
applies the decrypting key 2 which is exactly the same as the
encrypting key 1 to decrypt the ciphertext C back into the
plaintext M. According to the data encryption standard (DES) of
U.S. National Standard, a plaintext of the input end is split up
into a plurality of blocks using 64 bits as a unit, and then each
block is encrypted into 64 bits ciphertext C using a 64 bits key;
the receiving end applies a same key K to decrypt the ciphertext C
into plaintext M. Since the plaintext and the ciphertext are
equivalent in length, it is economic for transmission.
[0011] 2. Asymmetric key crypto-system: The asymmetric key
crypto-system is also addressed as public key crypto-system with
reference to FIG. 1B. Within the system of FIG. 1A, the encrypting
key 1' of transmitting end is not identical to the decrypting key
2' of the receiving end. Take the famous Rivest-Shamir-Adelman
(RSA) crypto-system for instance, an input plaintext M is encrypted
into the ciphertext C using a public key 1' of the receiving end,
i.e. C=M.sup.e (mod N). The receiving end receives the ciphertext C
then applies the private key 2' of its own to decrypt the
ciphertext C back into the plaintext M, i.e. M=C.sup.d (mod N).
Wherein N is an open value of the system that is equal to the
product of the two prime number p and q, and e.multidot.d=1mod
(.phi. (N)). In an asymmetric key crypto-system, for security sake,
the value of N is usually very large (at least 1024 bits in
length), and calculation time is long-winded because exponential
operation is adopted. Hence, the asymmetric key crypto-system is
difficult to accomplish by single-chip method, but rather by a
software means in cooperate with high-speed computer. Nevertheless,
the asymmetric key crypto-system has a certification function,
which is essential in Internet and e-commerce application.
[0012] Focusing on the most prevailing remote control system with
reference to the remote control system illustrated in U.S. Pat. No.
5,517,187, wherein FIG. 2A and FIG. 2B depict respectively
schematic drawings of a transmitter and a receiver of the system.
In FIG. 2A, the transmitter 10 includes: a counter 11, which
provides a transmitting count C.sub.T; a mode selector 12, which
provides a mode select value M.sub.0; a controller, by which the
transmitting count and the mode select value are received to
generate a control signal that is represented as plaintext M; a key
14; an encryptor 15, which receives the control signal and applies
the key 14 to encrypt the control signal into ciphertext C; and a
RF modulator 16, which modulates and thereafter outputs the
ciphertext. In FIG. 2B, the receiver 20 includes: a RF modulator
16', which demodulates the signals emitted from the transmitter; a
key 14; a decryptor 15', which receives the demodulated signals and
decrypts the demodulated signals into plaintext M by applying the
key 14; a counter 11, which generates a receiving count C.sub.R; a
controller 13, which receives the plaintext and the receiving
count; and a checker 17, which checks whether the value of the
counter is correct or not to decide whether the execution should
continue.
[0013] Wherein, the control signal M of the transmitter includes a
mode select value M.sub.0 and a transmitting count C.sub.T, that
is:
[0014] M={M.sub.0,C.sub.T}
[0015] Wherein M.sub.0 is the value of the mode select register
that is 32 bits in length, and contents the mode select keystroke
information, product number, other relevant and reserved bits, etc.
Mode selection can be divided into a normal mode and a synchronized
mode, in both the checking of data transmitting and receiving are
similar and the only differences is in the bits of data and the
range to be checked. C.sub.T is the value of the counter and the
total length of counter is 32 bits, therefore its codes is 2.sup.32
in total. For an ordinary remote controller, it is sufficient for
security reason.
[0016] There is a common key K in both the transmitting end and the
receiving end of the system, and each has a 32 bits counter. Every
time the system starts to operate or revive, the content of the
counter of the receiving end C.sub.R is the counter of the
transmitting end C.sub.T plus 1. Before each transmission, a value
of 1 is added to the value of the counter of the transmitting end.
The transmitting end encrypts the above-mentioned data M using K
with the symmetrical key method, and then transmits the data to the
receiving end.
[0017] In summary, the characteristics of the operating method of
remote control system with reference to U.S. Pat. No. 5,517,187 is
that, after the receiving end receives signals outputted from the
transmitting end, the system will check:
[0018] 1. To decide whether it is in a normal or a synchronized
mode;
[0019] 2. To decide whether the transmitting count C.sub.T received
match with the receiving count C.sub.R, i.e.
n.gtoreq.C.sub.T-C.sub.R.gtoreq.0; wherein, n is a coefficient
related to safety. For example, n=5 represents that the system is
allowed no more than five transmission failures;
[0020] 3. If the above-mentioned two steps are conformed, then
synchronize the counter (i.e. make C.sub.R=C.sub.T+1) and actuate
switch; If not, then no action will be made. At this time, if the
transmitting end emits a signal of synchronization request, the
system then enters into the synchronized mode and, after the
request is executed, the counter of the receiving end and the
transmitting end are synchronized and act normally. (The procedure
is the same as the normal steps, except that the data transmitted
is changed to another set of codes and counts while the safety
coefficient is enlarged (e.g. n=100 etc.); and
[0021] 4. If both the normal and the synchronized mode can not
activate the receiver, the controller shall be send back for repair
or re-write.
[0022] However, there is a major drawback of this system. That is,
if an attacker masks a signal while it is being transmitted by the
system so that the receiving end 20 can't receive the signal
normally, the receiving end will not operate accordingly. When an
ordinary user puts a remote controller to use for several times and
the receiver 20 cannot operate normally, the user usually will
leave and asks for support. Nevertheless, if an attacker 5 replays
a signal to the receiving end 20 right at this time, as long as the
value of the counter is within a reasonable range, the receiving
end 20 will operate normally, i.e. the attack is a success. In the
synchronized mode, similar to the above situation, an attack also
will succeed. Because of the openness essence of radio remote
control signal, in addition to the easiness for attackers to
purchase any kind of scanner needed, a law-breaker can easily
eavesdrops and records any signal transmitted. As seen in FIG. 3,
through transmitting mask, signal eavesdropping and signal
replaying (in brief, "mask-replay"), an attack can be achieved with
ease.
[0023] Moreover, the present invention also comprises a rolling
code system and a hopping code system. In the rolling code system,
every time a receiver receives a signal, no matter the signal is
correct or not, a value is added to the counter, e.g. 1. Therefore,
in each normal operation, if a signal is eavesdropped by an
attacker and replayed to the receiver, whereas the value of the
counter of the receiver is larger than the signal itself, the
receiver can not operate normally. For instance, a count of a
transmitter starts with 100 and a count of a receiver starts with
101, the count of the transmitter is changed to 101 while the
transmitter emits a signal; When the receiver receives the correct
signal, since the count of the receiver is equal to the count of a
transmitter, the system will operate normally and increases the
count by 1 to change the value of the count to 102. If an attacker
detects and records the transmitted signal whose content of the
count is 101 and replays the signal to the receiving end, whereas
the counter of the receiving end has been changed to 102 and is not
the same as the replayed signal, the system will cease to operate.
However, if an attacker replays the signal again and again, though
the receiving end won't operate normal output, the count of the
receiving end keeps accumulated to an extent that it exceed the
safety range so that the system stops operating henceforth and has
to be send back to the manufacturer for resetting.
[0024] Hence, in a rolling code system, if an attacker uses the
above-mentioned method to mask the signal to enable the count of
the receiving end to remain the same, thereat the attacker replays
the eavesdropped signal and the system will operate normally, i.e.
the attack succeeds.
[0025] Furthermore, a hopping code system is the same as the
above-mentioned except that its counter applies a hopping output
(i.e. can be achieved by applying a virtue random number
generator), and is also difficult to resist a "mask-replay"
attack.
[0026] Therefore, seeing the drawbacks of the foregoing prior arts,
the focal point of the present invention is to provide a
high-security encoding device for remote controller that not only
can resist the "mask-replay" attack, but also improve the
electricity consumption problem of remote controller.
SUMMARY OF THE INVENTION
[0027] Seeing that the drawbacks of the prior arts, the focal point
of the present invention is to provide a high-security encoding
device for remote controller, wherein a timer is used to
successfully resist the "mask-replay" attack so that system
security is improved.
[0028] To achieve the above-mentioned objective according to the
present invention, the present invention illustrates a
high-security encoding device for remote controller that includes:
a timer, which is used to provide a transmitting time; a mode
selector, which is used to provide a mode select value; a
controller, in which an identity, the transmitting time, and the
mode select value are received to generate a control signal; a key;
an encryptor, which receives the control signal and applies the key
to encrypt the control signal into a ciphertext; and a
radio-frequency (RF) modulator, which modulates and thereafter
outputs the ciphertext.
[0029] The length of timer is different according to design needs,
where 8-bits, 16-bits, or 32-bits is most commonly used.
[0030] In a preferred embodiment, the key is a 64 bits key, and the
bits size can be increased or decreased according to necessity,
e.g. 16, 32, 128 bits etc.
[0031] In a preferred embodiment, the key is stored in a
non-volatile memory or in a one-time program ROM.
[0032] The length of the transmitting time is depended on the
chosen timer, e.g. in a 32 bits timer that the length of
transmitting time is 4 bytes, which is used to check whether or not
the time difference between the timer of the encoding device and
the timer of the associated encoding device is within a tolerance
time.
[0033] In a preferred embodiment, the length of the mode select
value is 2 bytes, by which a mode is chosen among the normal mode,
emergency mode, and synchronized mode according to actual need.
[0034] In a preferred embodiment, the length of identity is 2
bytes, which is used for testing and verifying the associated
decoding device.
[0035] In a preferred embodiment, the control signal is represented
as plaintext M.
[0036] In a preferred embodiment, the ciphertext is encrypted using
the symmetric key crypto-system.
[0037] In a preferred embodiment, the timer is realized by a
single-chip timing-interrupt method.
[0038] In a preferred embodiment, the timer is realized by a logic
circuit.
[0039] The present invention further illustrates a method for the
improvement of electricity consumption of remote controller, which
includes: initiating an encoding device; initiating a timer of the
encoding device; encrypting a transmitting time and an identity of
the timer and forward it to the decoding device; the decoding
device comparing the received data with its own timing;
synchronizing the timer of the decoding device and the timer of the
encoding device; determining whether the encoding device is again
actuated during a period of time; if not, the timing is stopped but
still the final timing value is stored in a memory, if the encoding
device is again initiated, then repeat the hereinbefore steps until
the controlled appliance is activated.
[0040] The object, spirit and advantages of the present invention
will be readily understood by the accompanying drawings and
detailed description.
BRIEF DESCRIPTION OF THE DRAWINGS
[0041] FIG. 1A is a block schematic diagram that illustrates the
symmetric key crypto-system;
[0042] FIG. 1B is a block schematic diagram that illustrates the
asymmetric key crypto-system;
[0043] FIG. 2A is a block schematic diagram that illustrates the
transmitter of the remote control system according to U.S. Pat. No.
5,517,187;
[0044] FIG. 2B is a block schematic diagram that illustrates the
receiver of the remote control system according to U.S. Pat. No.
5,517,187;
[0045] FIG. 3 is a block schematic diagram that illustrates the
"mask-replay" attacking method of the remote control system
according to the prior arts;
[0046] FIG. 4A is a block schematic diagram that illustrates an
embodiment of the encoding device for remote controller according
to the present invention;
[0047] FIG. 4B is a block schematic diagram that illustrates an
embodiment of the decoding device for remote controller according
to the present invention;
[0048] FIG. 5 is a block schematic diagram that illustrates an
embodiment of timer according to the present invention;
[0049] FIG. 6 is a block schematic diagram that illustrates another
embodiment of timer according to the present invention; and
[0050] FIG. 7 is a chart that illustrates the relationship between
tolerance time, safe time, timing chip accuracy and
time-between-operation of the decoding device according to the
present invention;
DETAILED DESCRIPTION OF THE INVENTION
[0051] The invention illustrates a high-security encoding device
for remote controller, wherein the characteristic of the present
invention is that by replacing counters used in the prior arts with
timers to make a "mask-replay" attack hard to succeed, thus, the
security of the remote control system is enhanced and also the
electricity consumption problem of remoter controller is improved.
Please refer to the following drawings for better understanding of
detailed descriptions of the present invention, which the same
reference numbers represent the same components.
[0052] Please refer to FIG. 4A, which is a block schematic diagram
that illustrates an embodiment of the encoding device for remote
controller according to the present invention. In FIG. 4A, The
encoding device 30 comprises: a timer 31, which is used to provide
a transmitting time T.sub.T; a mode selector 32, which is used to
provide a mode select value M.sub.0; a controller 33, by which an
identity N, the transmitting time, and the mode select value are
received to generate a control signal; a key 34; an encryptor 35,
which receives the control signal and applies the key 34 to encrypt
the control signal into a ciphertext C; and a RF modulator 16,
which modulates and thereafter outputs the ciphertext.
[0053] In detail, within the encoding device of the present
invention, the timer is a 32 bits timer and the key is a 64 bits
key. The key is stored in a non-volatile memory, such as ROM or
EPROM.
[0054] The control signal is represented as plaintext M:
M={Mo,N,T.sub.T}, wherein Mo is a mode select value, N is an
identity, and T.sub.T is a transmitting time, that are illustrated
respectively as following:
[0055] 1.Mo: The mode select value (Mo) is 2 bytes in length
including mode select value and other reserved data, by which a
mode is chosen among normal mode, emergency mode, and synchronized
mode according to actual need.
[0056] 1) Normal mode: The normal mode is used in normal operation.
In this mode, the tolerance time T.sub.L of an associated decoding
device is smaller. Tolerance time is the maximum error value
between timers of the encoding device and the decoding device that
are set by the decoding device to ensure the system can operate
normally. Tolerance time is usually larger than safe time. The safe
time is an actual error value between timers of the encoding device
and the decoding device. For instance, if accuracy of timer is
.+-.10.multidot.10.sup.-6, the actual maximum error value of timers
between the encoding device and the decoding device will be
20.multidot.10.sup.-6, about 2 sec/day. The safe time corresponds
to 30 days is one minute. If a tolerance time is twice the safe
time, which means an error value between timers of the encoding
device and the deciding device can be allowed to be two minutes. In
this way that the system can be assured to operate normally without
the system-inoperative problem caused by an increase of system
timing error.
[0057] 2) Emergency mode: If timing error between the encoding
device and the decoding device somehow exceeds the tolerance time
of normal mode, the normal mode will not activate the appliance. At
this time, an emergency mode can be used to solve the problem. The
emergency mode operates exactly like the normal mode, but the
tolerance time of decoding device is larger. Nevertheless, the
system security is reduced in this mode, and it is noted that one
shall not leave during the period of tolerance time after an
appliance is activated.
[0058] 3) Synchronized mode: If both normal mode and emergency mode
can't force decoding device to operate, then the system enters into
synchronized mode. This mode is more lenient toward the decoding
device end in the content checking, e.g. only compares the identity
and the tolerance time, etc. This mode is the same as the
above-mentioned emergency mode but has a lower system security,
which pays more attention to the problem that resist "mask-replay"
attacks within the tolerance time.
[0059] 2.N: The identity (N) is 2 bytes in length and is used for
testing and verifying the associated encoding device, and its
content includes product number and other parameters.
[0060] 3. T.sub.T: The transmitting time (T.sub.T) is 4 bytes in
length and is used to check whether the time difference between the
timer of the encoding device and the timer of the associated
encoding device is within tolerance time.
[0061] Moreover, the control signals are represented as plaintext
M, and the ciphertexts are encrypted using a 64 bits symmetric
key.
[0062] To cooperate with the embodiment of encoding device for
remote controller according to the present invention, an associated
decoding device 40 with reference to FIG. 4B comprises: a RF
demodulator 36', which is used to demodulate signals outputted from
the encoding device; a key 34'; a decryptor 35', which receives the
demodulated signals and decrypts the signals into plaintext M by
applying the key 34'; a timer 31', which is used to generate a
receiving time T.sub.R; a controller 33', which receives the
plaintext and the receiving time; a register 37.
[0063] Please note that the content of the key 34, 34' of the
encoding device 30 and the decoding device 40 is the same. During
the decoding operation, controller 33' takes Mo, N and T.sub.T out
of M and then proceeds with the following procedure:
[0064] 1) Evaluating whether N is correct, if not, then output is
stopped;
[0065] 2) If N is correct, make an evaluation to determine whether
the signal is in normal mode, emergency mode or synchronized
mode.
[0066] 3) Comparing T.sub.T and T.sub.R to see whether the
tolerance time is exceeded, i.e. checking whether
.vertline.T.sub.T-T.sub.R.vertline..lt- oreq.T.sub.L. If answer is
yes, then the output is normally actuated, otherwise the system
will stop operating. Only in synchronized mode that the receiving
end merely checks the identity, or similar to the above method that
checks the tolerance time except for the tolerance time T.sub.L is
set to be larger so that the output apparatus is much easier to
activate. (The content checking of the three decoding device mode
can be adjusted according to the system requirement).
[0067] 4) No matter it is in normal mode, emergency mode or
synchronized mode, after the decoding device confirms the input is
correct, then the output device is activated and T.sub.T is
recorded to check whether the signal is a replay signal or not.
[0068] 5) While redesigning, the transmitting time T.sub.T and the
receiving time T.sub.R are synchronized, i.e. let T.sub.R=T.sub.T,
so as to prevent a cumulative error from happening.
[0069] In case of normal mode, emergency mode and synchronized mode
all can not actuate the decoding device, it means that the timing
difference between the encoding device and decoding device is very
large or the device is malfunctioning, so that the apparatus shall
be send back for resetting or overhauling.
[0070] In the present invention, a timer can be accomplished by a
single-chip timing-interrupt method, or by a setup of another
timing apparatus. That is, if a logic circuit is the only option in
considering cost factor, circuit complexity, and electricity
consumption of the encoding device, then a simple timing circuit
can be used as the timing apparatus. Since the foregoing factors
have less effect on the decoding device, thus, usually a
single-chip is installed and either a timing-interrupt method or
another timing circuit is used as the timer. A timer does not need
to synchronize with present time and also does not need to have a
high resolution as accurate as an ordinary timing apparatus, e.g.
watch etc., to the extent of millisecond, or even microsecond. It
is merely a simple timing apparatus that a 0.5 second resolution is
sufficient. Moreover, to achieve the effect of security, initial
value of a timer can be a random number, i.e. the initial value is
not zero, so that an attacker is difficult to hit the nail on the
head.
[0071] To ensure security and normal operation of a system, timer
should comply with the requirements that outputs are not repeated
easily and timers of the encoding device and the decoding device
are synchronized.
[0072] Considering a single-chip HT48C50 of Holtek Semiconductor
Inc., if a 400 KHz oscillator is adopted and a 16 bites timer is
set to interrupt every 0.5 second, then to generate 2.sup.32 times
interrupt require about 24855 days. Namely, if the timings are
outputted to four registers, then to finish a cycle requires about
68 years. Therefore, the repeating phenomenon of timing signals
need not be considered. Referring to FIG. 5 and FIG. 6, which are
two block schematic diagrams that respectively illustrate an
embodiment of timer applying a single-chip timing-interrupt method
and a timing logic circuit. In FIG. 5, a timer is realized by a
single-chip timing-interrupt method, which comprises: an oscillator
51, a frequency divider 52, a single-chip built-in counter 53, and
a system counter 54. In FIG. 6, a timer is realized by a logic
circuit, which comprises: an oscillator 61, a frequency divider 62,
and a counter 63.
[0073] Considering the synchronization of two timers of the
encoding device and the decoding device, the stability of a
modem-day timer is about .+-.10.multidot.10.sup.-6, that is, an one
minute error is generated every 69 days; The maximum timing
difference generated between the receiving end and the transmitting
end is 20.multidot.10.sup.-6, namely about 2 sec/day. If the
tolerance time is set to be one minute, there is no need to
consider an unsynchronized condition between the receiving end and
the transmitting end within 34 days. To avoid the embarrassment
that the decoding device can't operate caused by timing errors
between the receiving end and the transmitting end, the system
should apply software to adjust the tolerance time T.sub.L
appropriately.
[0074] The tolerance time T.sub.L can be programmed as
following:
T.sub.L=.alpha..multidot.T.sub.s+C
T.sub.s=T.sub.d.multidot.A.sub.C
[0075] wherein .alpha.: as a constant that can be adjusted
according to necessity, for instance, .alpha. can be 1.about.2 when
in normal mode, .alpha. can be 3.about.5 when in emergency mode,
.alpha. can be 5 and above when in synchronized mode.
[0076] T.sub.d: as a time-between-operations.
[0077] T.sub.s: as a safe time, which is the maximum timing error
between timers of receiving end and transmitting end.
[0078] C: as a time constant, which is used to ensure normal
operation of the system. Without the parameter C in the above
function, when a key is pressed twice successively, T.sub.d will be
very small and cause T.sub.L.apprxeq.0. Therefore, when a key is
pressed the second times, because of the time difference caused by
timing-carry of the receiving end and the transmitting end, the
decoding device might not be able to operate. The value of C is
usually set to be 0.5 second.
[0079] A.sub.C: as a value, which is the addition of accuracy of
the receiving end and the transmitting end.
[0080] For instance, if both the accuracy of the receiving end and
the transmitting end are .+-.10.multidot.10.sup.-6, then
A.sub.C=20.multidot.10.sup.-6, and the maximum timing difference
between the receiving end and the transmitting end is about 2
sec/day. If current operation is ten days away from the previous
successful operation, then T.sub.s=T.sub.d.multidot.A.sub.C=10
days.multidot.20.multidot.10.sup.-6=1- 7.28 sec. If .alpha.=1.5 and
C=0.5 sec, then the tolerance time
T.sub.L=.alpha..multidot.T.sub.s+C=1.5*17.28 sec+0.5 sec=26.42 sec,
that is, if a person who fails a transmission but does not leave
until after 26.5 sec, consequently, attackers can not use
mask-replay method to actuate the decoding device.
[0081] FIG. 7 is a chart that illustrates the relationship between
tolerance time, safe time T.sub.s, timing chip accuracy A.sub.C and
time-between-operation of the decoding device.
[0082] If signals are masked by attackers and can not be received
by the receiving end, the receiving end will not react. If a common
user can not activates an apparatus, it is accustomed to linger at
the scene for a period of time before leaving. If after the
tolerance time T.sub.L had passed, attackers then replay the
received signal to the receiving end, since the timing value of the
receiving end is more than T.sub.L, so that the decoding device
won't operate normally and the attack fails. If attackers keep
trying to replay the signals, it will take 24855 days for the timer
to come back to its original value, so that it is hard for
attackers to break into the system through replaying. The
"mask-replay" attack can be divided into the following two
conditions:
[0083] 1) The system is not operating for a long time, i.e.
T.sub.d>>0, so that the tolerance time is enlarged and user
is required to linger longer before leaving (referring to the
above-mentioned, if current operation is ten days away from a
previous successful operation, one should not leave until after
26.5 sec), so as to ensure the security of the system. Otherwise,
if an attacker applies a mask-replay attack, since the tolerance
time is larger, the attack might succeed.
[0084] 2) Right after the system finishes a successful operation,
the user immediately proceed with another operation, at the same
time an attacker carries out a mask-replay attack, so that the
legit user can not executes an operation normally. Since
T.sub.d.apprxeq.0 of the system, even though the user leaves
immediately, the attacker can not activates output and fails the
attack.
[0085] The decoding device has a plural set of registers to store
used T.sub.T, hence, if an attacker eavesdrops a normal operating
signal and replays the signal immediately, the system is able to
detect the repeat signal sent by the attacker and rejects to act
according. Moreover, if an attacker waits a period of time before
replaying the signal, the system is also able to detect the attack
and stop outputting since the tolerance time is over passed.
[0086] Because of the timing of the decoding device is reset to be
the same as time of the encoding device after each execution, and
furthermore is appropriately adjusted using the tolerance time
controlled by software according to time interval between
activation, therefore, there is no cumulative error and no need to
worry the synchronization problem.
[0087] While the system adopts a secured encryptor, e.g. DES etc.,
an attacker requires 2.sup.56 .mu.s to guess the keys of both the
transmitting end and the receiving end (assuming that computers
used by attackers can execute a million guessing within a second),
that is about 2285 years. Furthermore, since a relevant plaintext
is not sent by the system, it is difficult for attackers to reckon
the correct keys lacking the plaintext to compare with thereof
ciphertext.
[0088] The hardware and software of the system is very simple,
whose complexity is similar to those commercial products currently
on the market without adding excessive circuits and operations. The
comparison between the present invention and the remote control
system illustrated in U.S. Pat. No. 5,517,187 is shown in table
1:
1TABLE 1 The comparison between the present invention and the
remote control system illustrated in U.S. Pat. No. 5,517,187 System
U.S. Pat. No. Item The present invention 5,517,187 Key know-how 32
bites timer 32 bites timer Length of key 64 bites 64 bites Ability
to resist Yes Yes "replay" attack Required a plural set of 32 But
if under successive bits register to store the replay, the attack
may used T.sub.T succeed. Ability to resist Yes No "mask-replay"
After a long idle time, a attack longer tolerance time is required
before leaving.
[0089] Hereinafter, a method to improve the electricity consumption
problem of remote controller is illustrated according to the
present invention to expand the life span of the battery.
[0090] The encoding device and the decoding device for remote
control system according to the present invention are both equipped
with timer, and are both installed with encryptor, e.g. DES etc.,
and crypto-key K. Once timer is activated, the timing is non-stop.
For the decoding device of the receiving end, a stationary power
supply is applicable usually because of the location where it is
installed. Therefore, there is less consideration for electricity
consumption at the receiving end. On the other hand, the encoding
device of the transmitting end employs batteries for ordinary
hand-held appliances as its power supply, consequently the
power-saving or battery-changing issue must be taken into
consideration at the transmitting end. Under the power-saving
consideration, the means provided in the present invention are
still applicable. The followings are two power-saving methods:
[0091] The first method: except for the foregoing encrypt-decrypt
method, the comparison of timing value can be replaced by the
comparison of the value of difference, namely, to activate timer
for a period time only at each time the transmitting end is
actuated. Thought the timing value of the transmitting end may be
different from the timing value of the receiving end, since the
same timing frequency is used as a design base for the two timers,
both timers have the same timing speed. Hence, the decoding device
of the receiving end can compare the timing speed of its timer to
make sure that the encoding device of the transmitting end is an
accompanying device of the receiving end. In another word, while
the transmitting end starts to operate, the timer is actuated and
is successively sending out changing timing values, the receiving
end thereafter compares the timing frequency of the timer of the
transmitting end with its own to decide whether it is a matching
remote controller.
[0092] The second method: after the transmitting end idles for a
period of time, its timer will cease timing, which won't start
operating until a user presses a key of the remote controller of
the transmitting end. Since the values of timer of the transmitting
end and the receiving end are not the same under the circumstance.
Therefore, a signal that is transmitted first must be used as a
compelling synchronized mode signal. As soon as the receiving end
receives the compelling synchronized mode signal, the timer of the
receiving end can be synchronized with the timer of the
transmitting end, thus the next signal transmitted can be evaluated
according to normal method as mentioned previously. Since only the
first signal transmitted after the stopping of timer of the
transmitting end is the compelling synchronized mode signal whose
length is merely about several microseconds, therefore, users will
not feel a sensation of delaying. Because a normal signal will be
transmitted right after the transmission of the compelling
synchronized mode signal, or users will be required to press the
transmission key twice successively after a remote controller is
idled for a period of time, then the receiving end can be actuate.
The first press is to send out the compelling synchronized mode
signal and the second press is simply to send out a normal signal.
For the sake of security, to prevent the compelling synchronized
mode signal and the successive normal signal are eavesdropped and
recorded, a further precautions is to enable the receiving end to
record the first few times of the timing values during the
compelling synchronized mode. If the records are the same, it
represents that they are duplicated signals from an attacker, then
no operation will be actuated.
[0093] The foregoing methods for improving the electricity
consumption problem of remote controller can be represented as
following: activating encoding device; activating timer of the
encoding device; encrypting the transmitting timing and the
identity of the timer while sending out thereof to the decoding
device; the decoding device compares the received data with its own
timing; if under compelling mode, then the timer of the decoding
device is synchronized with the timer of the encoding device; if
under normal mode, then the decoding device make a evaluation to
decide whether the encoding device should be activated according to
the timing value received; for the sake of power-saving, the
controller of the encoding device evaluates whether a key is
pressed or not during a period of time, the power-saving apparatus
is actuated and the electricity is automatically disconnected if no
key is pressed; No matter under which mode, the final timing value
of the transmitting end is stored in its memory. General speaking,
while the first time a decoding device receives a signal, the
timing difference is too large so that the controlled apparatus is
not be able to activate. But after synchronized by the timer, the
second received signal should be able to activate the
apparatus.
[0094] Owing to the limiting computational capability, a
single-chip or other electronic apparatuses of general encoding
device can not rapidly accomplish somewhat complex operations, e.g.
the modular multiplication or modular exponentiation, that are
required in the asymmetric system. Hence, a symmetric key
crypto-system is more appropriated. For example, in the DES system
which is still considered by the public to be a safe system that
the time required to execute an one-time encryption or decryption
by applying symmetric method on a single-chip is about several
microseconds. Therefore, no time delaying problem is incurred in
the application. Thought a newly promulgated encryption standard
AES will replace the twenty-year-old DES, the present invention can
adapts the encryptor used in the system to AES. Only the key of AES
is longer, the time required to encrypt-decrypt is longer.
[0095] In summary, the present invention illustrates a
high-security encoding device for remote controller whose
characteristics is replacing the counter used in the prior arts by
a timer, so that make a "mask-replay" attack hard to succeed.
Hence, the security of remote control system is enhanced and also
the electricity consumption problem of remoter controller is
improved. Consequently, the present invention has been examined to
be progressive and has great potential in commercial
applications.
[0096] Those skilled in the art should appreciate that they can
readily use the disclosed conception and specific embodiments as a
basis for designing or modifying other structures for carrying out
the same purpose of the present invention, and that various
changes, substitutions and alterations can be made herein without
departing from the spirit and scope of the invention as defined by
the append claims.
* * * * *